PT-2026-6631 · Wekan · Wekan

Megamansec

Publicado

2026-02-05

Atualizado

2026-03-06

CVE-2026-1963

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WeKan versions up to 8.20

Description A flaw exists in WeKan that relates to improper access controls within the Attachment Storage component. The issue is located in the file models/attachments.js and impacts an unknown function. This manipulation can be initiated remotely. Upgrading to version 8.21 resolves this issue. The patch is identified as c413a7e860bc4d93fe2adcf82516228570bf382d.

Recommendations Upgrade to WeKan version 8.21. Upgrade the affected component.

Correção

Incorrect Privilege Assignment

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-266CWE-284

Identificadores relacionados

CVE-2026-1963

Produtos afetados

Wekan

PT-2026-6631 · Wekan · Wekan

CVE-2026-1963

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12